Using Control Patterns in Business Processes Compliance

The realization and documentation of an effective Internal Controls System is required by regulations such as the Sarbanes-Oxley Act (SOX). In this paper we introduce a pattern-based approach for modeling Internal Controls in Business Processes. The controls can be captured as declarative rules and checked at process execution time. The approach supports defining the controls outside of the operative Business Processes run by e-Business Systems, in order to enable the reuse of process models and controls in different business and compliance environments. A detailed discussion of the domain model of Internal Controls and the system architecture necessary for realizing the approach is provided.
